Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.springframework.security/spring-security-core@7.0.5
purl pkg:maven/org.springframework.security/spring-security-core@7.0.5
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-9np9-s26y-87ch Vulnerability in Spring Spring Security. Applications that explicitly configure One-Time Token login with JdbcOneTimeTokenService are vulnerable to a Time-of-check Time-of-use (TOCTOU) race condition. This issue affects Spring Security: from 6.4.0 through 6.4.15, from 6.5.0 through 6.5.9, from 7.0.0 through 7.0.4. CVE-2026-22751
GHSA-x2wq-9x2f-fhj7

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-26T22:37:24.522703+00:00 GHSA Importer Fixing VCID-9np9-s26y-87ch https://github.com/advisories/GHSA-x2wq-9x2f-fhj7 38.4.0